Stuxnet
"The Stuxnet worm is a "wake-up call" because of its complexity and its aim at critical infrastructure systems, a Symantec director told a U.S. congressional committee today.
The malware is a milestone in many ways, Dean Turner, director of Symantec Security Response's Global Intelligence Network, said in testimony before the U.S. Senate Committee on Homeland Security and Governmental Affairs.
It is the first known threat to: spy on and reprogram industrial control systems and grant hackers control of critical infrastructures; use four zero-day vulnerabilities; compromise two digital certificates; inject code into industrial control systems and hide the code from operators; and include a programmable logic controller (PLC) rootkit to reprogram PLCs and hide the changes, he said.
"Stuxnet is an incredibly large and complex threat," Turner said. "In fact, it is one of the most complex threats that we have analyzed to date at Symantec."
"Stuxnet demonstrates the vulnerability of critical national infrastructure industrial control systems to attack through widely used computer programs and technology. Stuxnet is a wake-up call to critical infrastructure systems around the world," he said. "Stuxnet has highlighted that direct attacks to control critical infrastructure are possible and not necessarily spy-novel fictions. The real-world implications of Stuxnet are beyond any threat we have seen in the past."...
